Ebook: Terrorists' Use of the Internet

This book compiles revised versions of a selection of papers delivered at an Advanced Research Workshop on ‘Terrorists’ Use of the Internet' supported by the NATO Science for Peace and Security Programme and held at Dublin City University on 27–29 June 2016. The event was co-organised by Swansea University's Cyberterrorism Project and the EU FP7-funded VOX-Pol project. The workshop consisted of a total of 31 presentations, followed by a roundtable discussion. Sixty delegates from 13 countries attended the symposium, including researchers from Australian National University, Cardiff University, Leiden University, Old Dominion University, Tallinn University of Technology, University of Bristol, University of East Anglia, and Université Grenoble-Alpes and representatives from NATO HQ, NATO CCD-COE, UNICRI, the European Defence Agency, the Bavarian Police Academy, and the Italian Carabinieri.

Here in the Preface, we describe the aims and scope of the workshop and thus also of this book. We also supply a brief overview of each of the book's discrete sections and the chapters contained within these. Finally, we provide the ten recommendations arising from discussions that took place over the workshop's three days and explicitly formulated during the final roundtable discussion.

Scope and Aim of Book

Two of the global threats identified by the US Intelligence Community's 2016 World-wide Threat Assessment were cyber and technology, and terrorism. The aim of our workshop was to examine the convergence of these threats, in particular to:

• Assess the threat from terrorists launching cyberattacks and evaluate methods of improving protection of critical infrastructure;

• Deepen existing understanding of the different ways in which terrorists use the Internet and produce recommendations for the formulation of laws and policies to counter this threat;

• Evaluate these legislative and policy responses in terms of their impact on democracy, liberty, and the rule of law;

• Generate innovative, interdisciplinary, and robust methodologies and techniques for the study of terrorists' online activities; and,

• Gauge the opportunities provided by the Internet for intelligence and enforcement agencies, not only for surveillance and intelligence but also the construction and promotion of counter-narratives and other strategic communications.

A further aim of the workshop was to nurture dialogue between members of the academic, policy, and practitioner communities. The participants therefore included representatives from each of these communities. As well as bridging the gap between academia and practice, the workshop also sought to bridge disciplinary divides. The participants had a wide range of expertise (including engineering, computer science, law, criminology, political science, international relations, history, and linguistics). The chapters included herein reflect these diverse professional and disciplinary backgrounds.

Overview of Chapters

In their overview chapter, Kavanagh, Carr, Bosco, and Hadley examine a variety of terrorist uses of the internet, focusing particularly on propaganda and operations-related content, but also addressing the threat of attacks against critical infrastructure. The chapter also outlines counter-measures taken at the international and regional levels, as well as by industry, and identifies the principal challenges faced by such efforts. The chapter thus provides a useful outline of many of the issues that are addressed in further depth in the book's other chapters.

The book's remaining 25 chapters are clustered into five sections on cyberterrorism and critical infrastructure protection, cyber-enabled terrorist financing, jihadi online propaganda, online counterterrorism, and innovative approaches/responses. The chapters included in each of these sections are described below.

Cyberterrorism and Critical Infrastructure Protection

The four chapters in this section focus on cyberterrorism and critical infrastructure protection, with cyberterrorism conceived of narrowly therein, being limited to activity with first order effects like injury, death or large scale physical destruction, and omitting activity like online financing, online propaganda, and other online activity engaged in by terrorists and discussed in other sections of the book.

The section's opening chapter by the European Defence Agency's Röhrig and Llopis provides a practitioner's perspective on the type of considerations military commanders would be obliged to confront in the event of a cyberterrorist attack. The chapter explores different options for responding to such an eventuality and the conditions of uncertainty and risk that would surround such an unfolding crisis. As they note, operational planning remains a subjective, artful, process: one that draws upon existing imaginations, intuitions, and experiences. Thus, the chapter concludes by calling for further discussion and training exercises to increase understanding of the appropriate response to future acts of cyberterrorism.

Mobolarinwa Balogun, Hayretdin Bahşi and Bilge Karabacak are concerned in their chapter with the risks associated with the so-called ‘Internet of Things’ (IoT), the name given to combinations of various networking and computing technologies that heralds a new age of data aggregation and ubiquitous connectivity among physical objects. Their chapter provides a preliminary comparison of a typical IoT application in the area of health with an industrial control system (ICS) in order to show that IoT applications require careful consideration in terms of the risks they pose as terrorists may attack them with easy-to-implement cyberattacks for purposes of causing physical harm to individuals.

The importance of securely managing Industrial Control Systems (ICSs) is growing, as they are increasingly embedded in critical national infrastructure (e.g. city traffic lights controls) and thus a potentially attractive target for organised cyber-criminals and terrorists. In their chapter, Spyridopoulos, Maraslis, Tryfonas, and Oikonomou present a novel approach that combines Stafford Beer's Viable System Model (VSM) with Game Theory in order to develop a risk management process that addresses some of the most pressing concerns in this area. These include predictions of the likelihood of cyber-security incidents occurring generally relying upon estimations or guesses based on past experience and incomplete data, which can lead to errors in the evaluation of risks that can ultimately affect system protection. This issue is also transferred to methods used in ICSs themselves, as these are mainly adaptations of such traditional approaches. Additionally, conventional methods fail to adequately address the increasing threat environment and the highly interdependent critical nature of ICSs. The model developed in this chapter, on the other hand, provides a holistic, cost-efficient cybersecurity solution that takes into account interdependencies of critical infrastructure components as well as the potential impact of different attack strategies.

Finally for this section, Leonie Tanczer's chapter considers ‘The Terrorist – Hacker/Hacktivist Distinction,’ in which she introduces original research into the ways that hackers and hacktivists understand themselves and believe themselves to be understood by others. Drawing on 35 interviews with self-identified hackers and hacktivists, Tanczer finds considerable concern within this community around their linking with cyberterrorism. Hackers/hacktivists view this linking as illegitimate, and identify its purpose as legitimation of potentially troubling incursions into online activities and freedoms. As Tanczer's research powerfully illustrates, hackers and hacktivists view themselves as quite distinct from cyberterrorists and, in fact, providers of, rather than threats to, online security.

Cyber-Enabled Terrorist Financing

The book's second section focuses on the role of the Internet in terrorism financing.

Başaranel begins by outlining the importance of financial assets for the survival of terrorist groups, and the growing importance of the internet as an infrastructure for the generation, transfer, and distribution of funds. Başaranel then offers a typology of the range of ways in which terrorist groups generate income via the internet. These span the direct solicitation of donations via websites or social media platforms through to more obvious criminal activities such as online credit card fraud. To make sense of this range of activities, Başaranel distinguishes between active and passive examples of online terrorist financing, separating them by the level of donor consent in the acquisition or transfer of funds. The chapter finishes by turning attention to the online movement and storage of funds, including through virtual currencies, pre-paid cards, and internet-based payment systems.

In their chapter, Giovanni Bottazzia and Gianluigi Me follow-up by considering some of the ways in which terrorist organisations might exploit opportunities presented by current and future cyber-technologies. The authors draw widely on lessons learned from ‘ordinary’ cybercrime, arguing that the internet offers considerable advantages to would-be criminals with appropriate resources and know-how. The perpetual sidelining of security considerations for reasons of efficiency or ease within new internet based technologies is a particular concern here, along with the significant increase of internet-connected devices in everyday life and critical infrastructure alike. These dynamics, Bottazzi and Me argue, should lead to a ‘growing sense of vulnerability’ throughout society.

Jihadi Online Propaganda: Purposes and Effects

The third cluster of five chapters examines jihadi online propaganda, with a particular focus on jihadi online magazines, particularly, al-Qaeda in the Arabian Peninsula's (AQAP) Inspire and the so-called ‘Islamic State's’ (IS) Dabiq.

The section opens with Weimann's exploration of al-Qaeda's response to the Islamic State's declaration of its caliphate and the subsequent necessity to provide a credible argument about, in particular, the ways in which a true caliph can be chosen. Coming in the wake of the Arab revolutions, this credible counter-argument had to be carefully balanced with the wider population's desire for increased political participation – one of the key grievances driving the revolutions. By analysing the treatises, distributed online, of the three major al-Qaeda affiliates, Jabhat al-Nusra, al-Qaeda in the Islamic Maghreb (AQIM), and AQAP, and comparing these with classical and modern discourses around appointment of a caliph, Weimann suggests that al-Qaeda used the opportunity to position itself as a representative of Muslim communities and defender of their rights.

In the first of four chapters on jihadi online magazines, Stuart Macdonald analyses the contents of IS's Dabiq magazine using the framework of responsive regulation, described as “an attitude that enables the blossoming of a wide variety of regulatory approaches”. Macdonald argues that, whilst there are dissimilarities between the efforts of government or other private regulators and the producers of Dabiq, they nonetheless have a key feature in common: they seek to achieve compliance with a given set of norms by inducing behavioural and attitudinal change. The chapter seeks to show how this is achieved through the persuasive techniques employed in Dabiq, the interplay between these techniques, and the role played by assessments of (procedural as well as substantive) fairness.

Chapter 10, by Lorenzo-Dus, Walker and Kinzel, claims that excessive attention has been paid in Terrorism Studies to terrorists' messages (their discourse) as compared to their target audiences, which has contributed to stagnation in this field. The chapter begins by clarifying what a discourse analytic approach entails, differentiating it from the language-based content analytic approaches prevalent in Terrorism Studies to date. It then illustrates the potential value of the former approach by reporting the key results of a Corpus-Assisted Discourse Studies analysis of (de)legitimation in the jihadi online magazines Dabiq and Inspire. The results revealed some similarities, but also significant differences in the ways in which Inspire and Dabiq discursively ‘other’ the West by attacking different aspects of its ‘public image’. They also revealed notable differences regarding the discursive means via which they legitimate such othering with regard to individuals and groups that are pejoratively referred to in the magazines as ‘kuffar’ (disbelievers) and ‘murtaddin’ (apostates).

Haroro Ingram's chapter builds on a number of the arguments raised in Ch. 10. To do this, Ingram again compares Dabiq and AQAP's Inspire online magazine to examine how Dabiq's narratives are strategically designed to appeal to and radicalise its audiences. In particular, Ingram examines how the narratives employed provide its readers with a “competitive system of meaning” in order to shape their perceptions and polarise their support. The chapter concludes by outlining lessons for counterterrorism strategic communications drawn from the comparison.

In the final chapter in this cluster, Conway, Parker, and Looney examine the instructional guides found in three online magazines: Inspire, Inspire's forerunner Jihad Recollections, and Somali Al-Shabab's Gaidi M'taani. They explain that the three magazines contain instructions on a range of activities, from bomb-making and firearms to exercise and information technology. Their findings show that it is Al-Qaeda's Inspire magazine that not only contains the greatest number of instructional guides, but also has a particular focus on bomb-making. Inspire's producers claim that these guides have had real world impacts in terms of both motivating individuals to perpetrate attacks and providing them with the necessary skills and know-how to do so; a view that has been echoed by some (but not all) other commentators.

Online Counterterrorism

This section is the text's largest with eleven chapters and is thus divided into three subsections as follows: public actors, private actors, and cooperative approaches; online CVE strategies; and surveillance. The chapters included in each of these sub-sections are described below.

Public Actors, Private Actors, and Cooperative Approaches

The chapters clustered here explore the roles of public actors, including law enforcement and legislators, private actors, including Internet companies, and cooperative approaches, including so-called ‘public-private partnerships,’ in responding to terrorist use of the Internet, with a particular focus on responding to IS's social media activity.

The section opens with Keiran Hardy's chapter on ‘hard’ and ‘soft’ responses to online violent extremism. ‘Hard’ criminal offences and ‘soft’ policy programs are both required to counter the threat of online extremism, but the lines between these two can blur significantly in practice, he argues. This chapter focuses on the UK's counterterrorism laws and its Prevent strategy to argue that overlap between these hard and soft power approaches creates substantial confusion over the lines between lawful and unlawful online conduct thus generating, amongst other things, damaging perceptions about the motives behind governments' soft power responses to terrorism.

Legrand discusses the approach to counter-terrorism taken by the countries of the “Anglosphere”: Australia, Canada, New Zealand, the United States of America, and the United Kingdom. In the face of the complexities associated with transnational security and counter-terrorism challenges, these five states have followed a path of increased collaboration and shared policy approaches in this area. This, Legrand argues, has led to a reassertion of state ascendancy in response to the growing importance of non-state actors in the area of national security. This is particularly highlighted by the states' increasing powers of surveillance and the broadening of legal powers available to them in the name of countering violent extremism, especially in cyberspace. This collaboration, and the effects thereof, offers important insights into state approaches to CVE and the way in which the issue is framed, and the influence this framing has on understandings of violent extremism.

Angela Gendron's chapter examines the use of the criminal sanction as a preventative tool of counter-terrorism. The chapter highlights the tension between, on the one hand, arresting and prosecuting suspects at an early, preparatory stage in order to disrupt terrorist activity (as opposed to relying on after-the-fact prosecution) and, on the other hand, the importance of avoiding legislative overreach and inappropriate restrictions on such rights as the freedom of expression, religion, and association, including online. The chapter draws on a range of recent Canadian cases in order to illustrate this tension and pose questions about the proper use and scope of the criminal law.

In his chapter, Çelik sets out to examine IS's cyberspace activities, with a particular focus on the 2015 Paris attacks and subsequent Western responses. The chapter's aim is twofold: firstly, to provide insight into terrorist use of cyberspace, supplying specific examples of the ways that IS militants and their supporters exploit a wide array of methods and tools for purposes of sustaining the group's legitimacy and operational security; secondly, to analyse Western responses to IS's cyberspace activities, with an emphasis on the role of technology companies in disrupting terrorists' cyberoperations. The discussion concludes with a consideration of the partnership possibilities between states and technology companies, which – in the aftermath of the Snowden leaks – come at a time when trust between the two entities has been shaken.

The final chapter in this sub-section, by Nitsch and Irani, explores both the roles of social media in radicalisation processes and the possibilities of using social media for disengagement from extremism and terrorism, along with more general antiradicalisation purposes. The focus throughout the chapter is on the use of social media for radicalisation and de-radicalisation of German jihadis, including treatment of two prominent cases: the radicalisation of the former rap musician Denis Cuspert (a.k.a. Deso Dogg) and of 18-year old David G, who was killed in Syria.

Online CVE Strategies

Online Countering Violent Extremism (CVE) strategies, particularly those targeting IS, are currently receiving a lot of attention from policymakers and others. The three chapters in this sub-section grapple with doing CVE via the internet effectively.

Alastair Reed's chapter explores the lessons that can be learned from past communication experiences to aid contemporary Counter-Terrorism Strategic Communications (CTSC) campaigns targeting current online propaganda threats. The chapter argues against reinventing the wheel in the fight against IS and instead highlights four key lessons from the past: i) the need for multiple mediums of communication, particularly the realisation that online social media are not the only mediums of communication that we should be focusing on, ii) closing the say-do-gap (i.e. the gap between Western governments' rhetoric as compared to their actions on the ground), iii) engaging in offensive messaging as well as defensive or ‘counter’ messaging, and, finally, iv) basing counter-terrorism communications on market research and thereby achieving directed targeting.

In their chapter, Barnes and Lucas argue that returned foreign fighters have an important role to play in the creation and deployment of counter-terrorism communications. Their credibility, experience, access to radicalised networks, and understanding of the motivations that drive foreign fighters leave them uniquely placed to challenge terrorist narratives. The authors acknowledge that such online counter-narratives can only be successful if issues in the “offline” world around foreign policy actions, human rights and the underlying causes of radicalisation (i.e. Reed's say-do-gap (Ch. 17)) are addressed. They nonetheless suggest that rethinking the role of returned foreign fighters, engaging with them, and utilising their knowledge could be beneficial, particularly for the development of effective counter-narratives to counter violent extremist propaganda.

Daniel Grinnell explores the potential benefits that advanced large scale open source data analysis could have in understanding public discourse and reactions in the wake of terrorist events. Using the killing of Fusilier Lee Rigby and subsequent online discussions around the attack as a case study, Grinnell suggests that analysis of this type of open source data can play a role in identifying those social media accounts and users that most influence post-event discussion and that the potential therefore exists to intervene and change the course of this discourse, potentially preventing further violence and offering greater understanding of the actions that may follow such an event. This suggested approach is not, Grinnell notes, without challenges, both in terms of capabilities within the intelligence community and the ethical considerations that accompany such an approach, but, he argues, is nevertheless worth exploring.

Surveillance

Surveillance refers to the act of carefully watching someone or something especially in order to prevent or detect a crime. In their chapters, Wells (Ch. 21) and Boeke (Ch. 22) take rather benign views of online surveillance for counterterrorism purposes; Christakis (Ch. 23), in contrast, takes a more critical view.

Sergei Boeke's chapter explores online intelligence gathering activities by different arms of the state, situating these activities within ongoing political and normative debates around surveillance, privacy, anonymity, and national security. Boeke begins by setting out the differences between the surveillance activities of intelligence and law enforcement communities, before identifying four variables through which such activities might be categorised and thereby differentiated: i) scope, ii) level of interception, iii) focus, and iv) data acquisition. Using this framework, Boeke then explores two prominent and contemporary US case studies: the Prism and 215 programmes. He argues that the former did not constitute the mass surveillance programme its critics frequently believed it to, and that the latter was significantly adjusted to include new safeguards following its exposure.

David Wells' chapter analyses the value and limitations of a big data approach to intelligence gathering for counter-terrorism purposes. He argues that the growing availability of data, and the increasingly transnational and technology-dependent nature of many contemporary terrorist groups, provides significant opportunities for counterterrorism agencies. Although there are challenges – including the need for transnational cooperation, and the rise of encryption – big data approaches might address the limitations of alternative forms of intelligence in contemporary theatres of conflict such as that dominated by IS, he argues. Big data approaches are particularly helpful, Wells notes, in filling information gaps and identifying specific individuals of interest. Although Wells is less concerned by resource availability than some critics of big data approaches, he concludes by highlighting the need for development of the right sorts of analytical capabilities to make sense of this data.

The third and final chapter in this sub-section, by Theodore Christakis, examines the compatibility of national surveillance laws with international law, focussing in particular on the relationship of the new powers introduced in France in response to the 2015 Paris attacks with the right to respect for private and family life enshrined in Article 8 of the European Convention on Human Rights. He explains that, whilst erosions of this right may be justified in pursuit of certain specified objectives, including national security, the European Court of Human Rights has also warned of the dangers that surveillance activities pose to democratic societies and urged the need for careful scrutiny. Christakis identifies a number of aspects of the new French law that could be subject to legal challenge, including the use of “black boxes” and ISMI-catchers, and discusses whether the associated oversight and control mechanisms are sufficiently stringent.

Innovative Approaches/Responses

The final cluster of three chapters bring new and innovative thinking and/or approaches to the study of terrorism and the Internet, including in the domains of online selfradicalisation, cyberterrorism, and hacking.

“Cyber-fronts” can be divided into two categories, according to Murat Gunestas and Kamil Yilmaz: (i) those that are bound to a specific conventional terrorist organisation; and (ii) those that are not tied to any specific organisation, but provide services for many of them. After outlining the ways in which cyber-fronts use the Internet to support terrorist organisations, Gunestas and Yilmaz argue that Internet forensics is a significant and powerful tool that can be used in conjunction with traditional investigation methods to support the fight against these online groups. The chapter focuses in particular on the PKK-associated Cyber-Median Guerrillas (CMG-Team) and the more freewheeling Redhack cyber-fronts.

The penultimate chapter in the collection, by Lee Jarvis, explores how the UK news media represents – or constructs – the threat of cyberterrorism. Drawing on original empirical research, it argues that the news media relies upon a relatively coherent discursive framework in which a vulnerable, passive and weak ‘self’ is juxtaposed with a proactive, resourceful, and determined cyber-terrorist ‘other’. The chapter then argues that this construction is reflective of the gendered character of this discourse in which the news media's treatment of cyberterrorism is overwhelmingly written by male and gender-less authors; reliant upon male and gender-less experts; focused on the actions of male characters; and far more frequently illustrated by images of men than by those of women.

The final chapter, by Bradbury, Bossomaier, and Kernot, outlines a novel pilot project, undertaken by the authors, which used a complex systems approach to create data-driven, real-time, empirical analysis of the online self-radicalisation phenomenon and in particular the issue of identity in text. The authors conclude that their pilot shows that individuals reveal their ‘identity’ through their texts; that there exists a tipping-point phenomena where ‘identity’ may shift rapidly from one metastable state to another; and an individual's ‘identity’ will show critical slowing down – the characteristic dynamics that predict the approach of a tipping point. The project's purpose is to generate actionable predictions about the likelihood that particular individuals of interest will become self-radicalised.

Policy Recommendations

The ten policy recommendations emanating from formal and informal discussion over the course of the workshop's three days, formulated during the final roundtable discussion, and agreed upon by participants were as follows:

1. The workshop highlighted the importance of learning from history, from other cultures, from other disciplines, and from other research contexts. The value of academic collaboration with non-academic practitioners and policymakers was also emphasised, including the co-creation of research projects and new forms of partnership working. To fully realise the potential benefits of such partnerships, more innovative and more integrated opportunities should be developed to engage academia (including postgraduate research students) at the international level, to feed into policy development, law making, and guidance. This should include an active commitment to academic freedom, and efforts to ensure that academics are able to access, collect, analyse and store data in a secure and ethical manner.

2. Successful multi-agency partnership requires effective communication and inter-partner trust. A variety of confidence-building measures, that will help to define frameworks of collaboration, intervention and response, should therefore be deployed. These might include: regional (ASEAN Regional Forum (ARF), EU, AU, OAS, etc.) or track 1.5 table-top exercises integrating stakeholders from the private sector, academia, civil society, NGOs, legal departments, communications departments, etc., to run through ‘live’ case studies on how to respond to online content; developing and making publicly available ‘cyber games’ and databases of scenarios that can be used to understand the impacts of interventions and inform policy development; providing a space or collaborative forum where these initiatives, guidelines, scenarios, recommendations, etc., can be accessed by the actors, to stimulate dialogue and engagement; and, providing the public and private sectors with access to, and information on, emerging guidance on how to balance human rights, security and commercial interests in situations involving terrorist use of ICT and the internet, and to engage civil society in the process. Collaboration with the on-going projects on these issues might be a first step in this direction.

3. It is dangerous to conflate the activities of hackers/hacktivists and those of (cyber)terrorists. The former are distinct from the latter, in terms of both their motivations and the impact of their actions. The expertise of this particular community should not simply be ignored; it would be prudent to ensure that flaws which are discovered by hackers/hacktivists are resolved. To this end, a safe space should be provided for hackers/hacktivists to be able to responsibly report flaws they have discovered in the course of potentially criminal activity perpetrated without malicious intent.

4. The definitions of terrorism precursor offences must strike an appropriate balance between, on the one hand, the importance of preventing planned acts of terrorism and, on the other hand, ensuring that these offences respect fundamental values and do not over-reach. Accordingly, the definitions of terrorism precursor offences should be carefully circumscribed, in particular, by requiring proof that the alleged offender had formed an intention to assist, encourage or facilitate terrorism-related activity.

5. NATO operations have second order effects which may contribute to an environment in which the risk of radicalisation is exacerbated. Pre-deployment training delivered by NATO member states and partners should be developed in accordance with standards and objectives that nurture cultural awareness in order to mitigate this risk.

6. An over-emphasis on the suppression of online terrorist propaganda should be avoided, since attempts to suppress such content are beset with practical difficulties and challenges. It is therefore important that credible and authentic alternative narratives are developed and delivered, and that these narratives are evidence-based and matched by practical action in order not to widen the saydo gap.

7. Once credible, authentic alternative narratives have been developed, it is vital that these are easily discoverable. The norms that tech or social media companies and Internet Service Providers develop to govern online content should promote the visibility of alternative narratives. Recent initiatives aimed at ensuring that those searching for extremist materials online also find alternative narratives are to be welcomed.

8. In terms of terrorist finance, pre-paid cards are an important existing vulnerability. At present an individual can have up to US$2500 with minimal validation of their identity, which is enough to plan, coordinate and perpetrate a terrorist attack. A higher level of identity authentication should be required to purchase a prepaid card.

9. More generally, it is important to recognise that financial donations have significant intelligence value. Financial Intelligence Units (FIUs) should track such transactions in order to disrupt plots and identify individuals involved in terrorist financing. Doing so will require a willingness to cooperate across borders and share information.

10. The workshop recognised the value of some surveillance activities in protecting national security, but also the harmful effect that misinformation and inappropriate responses have on public perceptions. The workshop therefore stressed that state surveillance activities undertaken to counter terrorist threats should be accompanied by adequate legal standards and effective guarantees against arbitrariness and the risks of abuse in order to fully respect human rights and individual freedoms. They must respect the principles of necessity and proportionality and be combined with adequate and independent oversight mechanisms.

The authors of this paper consider recent developments involving terrorist use of the internet and cyberspace for a range of purposes, as well as renewed concerns relating to potential terrorist attacks against critical infrastructure and their control systems. Following from an overview of recent trends, they discuss public and private efforts to respond to existing and emerging threats. The authors anchor these within the context of current efforts to manage a range of interrelated cyber security challenges, focusing predominantly on the international and regional response, as well as efforts by industry actors to deal with terrorist use of their products and services.

The threat of Cyberterrorism is a sub-category of the overall threat environment that can emerge from cyberspace. In consequence military commanders have to take this into account for planning and executing operations when the strategic threat assessment indicates the presence of this specific threat to the operation. The article provides a practitioner's perspective along the military Operational Planning Process (OPP) and the recent developments to integrate cyber considerations in this process along the questions “what ... if ...” a commander of an (EU-led) Crisis Management Operation (CMO) has to respond inter alia to the (so far fictional) tasking, “... in cooperation with all relevant partners and stakeholders take appropriate means and actions to counter Cyberterrorism in the Area of Responsibility (AoR)...”. It provides considerations, which are the relevant planning aspects and factors that the commander should take into account in order to respond to the tasking. This includes the characteristics of cyberspace, the phenomenon of cyberterrorism as such, the type of the military operation, the mandate, the legal framework, the (cyber) situation in the theatre, the necessary information and capabilities, necessary processes/procedures, as well as the relationship with other “Cyber Security Providers” like Law Enforcement Agencies (LEA) in the AoR. It provides an assessment of the use of military capabilities in countering cyberterrorism in crisis management operations, and draws conclusions on the different options and limitations for a complementary use of LEAs and the Military in countering cyberterrorism as it occurs in current and future CMO outside of EU boundaries.

The era of Internet of Things (IoT) is currently being ushered in. IoT is a combination of various networking and computing technologies that heralds a new age of data aggregation and ubiquitous connectivity among physical objects. However, most of the cyber threats emanating from this remain unsolved and may have huge impact on our lives. One of the possible major changes in the impact landscape is the imminent physical results of cyber threats as IoT technologies enable closer interactions between humans and information systems. Although the cyber threats to critical infrastructures have been widely considered by the cyber security community, cases of catastrophic physical impacts are rare which means the impact posture has not yet shifted from information centric impacts to physical ones. However, widespread use of IoT technologies has the potential to accelerate this shift which may bring the threat of cyber terrorism into the picture. This paper provides a preliminary comparison of a typical IoT application in the area of health with an industrial control system (ICS) in order to show that IoT applications require careful consideration as terrorists may attack them with easy-to-implement cyberattacks for the purpose of creating physical harm.

Traditional IT cyber-security risk management methods are based on the evaluation of risks calculated as the likelihood of cyber-security incidents occurring. However, these probabilities are usually estimations or guesses based on past experience and incomplete data. Incorrect estimations can lead to errors in the evaluation of risks that can ultimately affect the protection of the system. This issue is also transferred to methods used in Industrial Control Systems (ICSs), as they are mainly adaptations of such traditional approaches. Additionally, conventional methods fail to adequately address the increasing threat environment and the highly interdependent critical nature of ICSs, while proposed methods by the research community are as yet far from providing a solution. The importance of securely managing ICS infrastructures is growing, as they are systems embedded in critical national infrastructure (e.g. city traffic lights controls) and thus a potentially attractive target for organized cyber-criminals and terrorists. In this Chapter we present a novel approach that combines Stafford Beer's Viable System Model (VSM) with Game Theory in order to develop a risk management process that addresses the above issues. The model we develop provides a holistic, cost-efficient cyber-security solution that takes into account interdependencies of critical components as well as the potential impact of different attack strategies.

The academic literature on terrorism is filled with references to online activities, and the equation of hacking and hacktivism (i.e., politically motivated hacking) with cyberterrorism. This perspective ignores differences in capacities, scope, and motives. Besides, scholarly research is lacking examinations of those perceived as alleged ‘security threats’. This chapter therefore uses interviews with self-identified hackers and hacktivists (N = 35) to address this gap. It examines the distinction between hacking, hacktivism, and cyberterrorism, and studies the discourses and practices of hackers and hacktivists. Building upon the theoretical concept of (in)securitisation and the method of thematic analysis, the findings provide insights into (a) perceptions of hackers and hacktivists by external actors and their (b) self-assessment that stands in contrast to the viewpoints expressed earlier. The results highlight interviewees' objections to the translation of hacking and hacktivism into violent acts of any nature, with participants articulating that the connection of these concepts poses threats to civil liberties and political rights online. The chapter therefore has implications both for academic as well as professional discourse. It seeks to foster a more reflected engagement with these concepts and points to the need for concrete terminological delineations.

Advances in technology have led to the transformation of societies, cultures, behaviours, economy and security. In this regard, the internet and its diverse applications provide a vital means of recruitment, propaganda and financing for terrorist organisations. In this chapter, the financial activities of terrorists and the opportunities emerging in the online environment are examined, and the question of how the internet is used as a medium for funding terrorism is answered. The main argument is that terrorists, similar to criminals, are using opportunities provided by the internet effectively and creatively for meeting part of their financial requirements.

The large scale Internet penetration in processes and activities, from manufacturing to end users, has reinforced the time-invariant pillars of cybercrime, namely social engineering, and software vulnerability, e.g., respectively, ransomware and bugs in banking software. Both these pillars spin off two dichotomous results: the goal is an economic profit for the author or confidential information steal/damage of the target of the attack (e.g. to critical infrastructures). Moreover, enabling technologies for anonymity facilitate the progressive shift of criminal markets on the Internet, as TOR marketplaces and cryptocurrencies show, raising the costs of successful investigation. These phenomena can be carried out by isolated criminals, by serious organized criminals or, mostly, from organized crime benefitting from the Crime as a Service (CaaS) model. Hence only apparently cybercrimes, e.g. digital frauds, are not connected to serious criminal organizations, in particular, terrorism, using these activities to fund the core mission. Cybercrime attractiveness, in terms of expected revenues per action, drives the choice of the organized crime, impacting on its willingness to pay in the CaaS model. This paper, firstly, will explore the economic value of cybercrime, overviewing the revenues from different online crimes in the past, highlighting the most attractive, then will overview the potential targets of terrorism enabled by the adoption of new technologies.

Following the Arab revolutions, al-Qaeda adapted its strategy with the aim of benefiting from the popular protests. Adopting a low profile and trying to merge with local protest and opposition movements, it aimed to create safe havens from which it could prepare attacks on Western targets. In an effort not to alienate local populations, it promised to ensure security, welfare, and services in territories under its control. This new approach was challenged by the Islamic State's aggressive behaviour towards local populations and its declaration of the caliphate. This chapter compares ideological online treatises on the issue of the caliphate which were produced by major al-Qaeda affiliates in reaction to the Islamic State's declaration, and argues that al-Qaeda was forced to develop more concrete views on how and by whom a true caliph is chosen than ever before in its history. To prevent negative repercussions on the rest of the jihadist movement, these views needed to reconcile the popular protests' core demand of increased political participation with al-Qaeda's strong rejection of democracy as an ideology incompatible with Islam. In the longer term, the formulations found might increase al-Qaeda's capabilities to cooperate with movements that do not necessarily share its ideology of a global confrontation between Islam and non-Muslims.

This chapter analyses the contents of so-called Islamic State's Dabiq magazine using the framework of responsive regulation. After a brief statement on methodology, the chapter begins by outlining the notion of responsive regulation and seeks to justify its application in this context. It argues that, whilst there are dissimilarities between the efforts of regulators and the producers of Dabiq, the two have one key feature in common: both seek to achieve compliance with a given set of norms by inducing behavioural and attitudinal change. The subsequent analysis is organised into three sections: the persuasive techniques employed in Dabiq; the interplay between these techniques; and, the role played by assessments of (procedural as well as substantive) fairness.

This paper examines methodology in Terrorism Studies, specifically claims that excessive attention being paid to terrorists' messages (their discourse) instead of to their target audiences has contributed to stagnation in this field. To do so, the paper first clarifies what a discourse analytic approach entails, differentiating it from the language-based content analytic approaches largely followed in Terrorism Studies to date. It then illustrates the potential value of such an approach by both explaining the methodology and reporting the key results of a Corpus-Assisted Discourse Studies piece of research into (de)legitimation in the online jihadist magazines Dabiq and Inspire. This research focused on the notion of the West and on terms used to designate Islam ‘non-believers’ in those magazines. The results revealed some similarities but also significant differences in the ways in which Inspire and Dabiq discursively ‘other’ the West by attacking different aspects of its ‘public image’. They also revealed notable differences regarding the discursive means via which they legitimate such othering with regard to individuals and groups that they pejoratively refer to as ‘kuffar’ (disbelievers) and ‘murtaddin’ (apostates).

Islamic State's (ISIS) Dabiq English-language magazine has been central to its propaganda war for Western Muslims. This study analyses Dabiq, using Al Qaeda in the Arabian Peninsula's (AQAP) Inspire for comparative purposes, to explore how its narratives are strategically designed to appeal to and radicalise its audiences. It examines how strategically designed in-group, Other, crisis and solution constructs are variously interplayed via value-, dichotomy- and crisis-reinforcing narratives to coax audiences into making rational- and/or identity-choice decisions. It explores how these narratives provide its readers with a “competitive system of meaning” in order to shape their perceptions and polarise their support. This analysis then analyses a range of different strategies and levers that are used in Dabiq to boost the appeal of its messaging. It concludes by outlining lessons for counterterrorism strategic communications drawn from the preceding analysis.

This chapter focuses on the instructional content, both text and images, published in 26 issues of three jihadi magazines: Al-Qaeda in the Arabian Peninsula's Inspire, Inspire's forerunner Jihad Recollections, and Somali Al-Shabab's Gaidi M'taani. Instruction was found to be a core component of Inspire as distinct from the varying types and levels of instruction appearing in Jihad Recollections and Gaidi M'taani. Noticeable too was that the text and images composing bomb-making instructional guides were not only the commonest, but also the most detailed types of guides contained in Inspire, with both a high number of images and lengthy supporting text. A clear finding is thus that the purpose of AQAP's Inspire was not just to inspire readers, in the sense of infusing them with some thought or feeling, but also to supply them with instructions on how these thoughts or feelings could be violently actuated.

‘Hard power’ criminal offences and ‘soft power’ policy programs are both required to counter the threat of online extremism. However, the lines between these two approaches can blur significantly in practice. This chapter considers the overlap and interaction between the UK's counter-terrorism laws and its Prevent strategy. It argues that overlap between these hard and soft power approaches creates substantial confusion over the lines between lawful and unlawful online conduct, and generates damaging perceptions about the motives behind a government's soft power responses to terrorism.

The ease, speed and sophistication with which extremist groups have exploited cyberspace for operational coordination and ideological proselytising have taken Western governments by surprise. From brazen digital advocacy of extreme and violent ideology to deft recruitment and fundraising, the Internet has proven to be a remarkably useful medium for non-state actors and hostile terrain for states seeking to curtail the growing global influence of violent extremism. This chapter charts the trajectories of policy frameworks of one distinct cluster of states confronting similar challenges in this respect: the “Anglosphere” states of Australia, Canada, New Zealand, the United Kingdom and the United States of America. The apparent challenge for these Anglosphere states is that policy officials recognise that transnational counter-terrorism challenges cannot be resolved unilaterally but require collaboration in two crucial dimensions. First, to achieve meaningful sovereignty over cyberspaces requires government to acquire the cooperation of private sector actors – including large multi-national digital technology firms. For these companies, relinquishing commercial data or giving up encryption to authorities is anathema. Second, as extremist operational and proselytising activities can transfer across jurisdictions effectively instantly, states have sought to build multi-jurisdictional coalitions, pooling expertise, intelligence and, most importantly, resources. This chapter articulates how these imperatives have played out in domestic institutional settings and goes on to describe how Anglosphere states have forged robust though low-profile networks of security collaboration that facilitate policy and operational interchange. The Anglosphere transgovernmental alliance, it is contended, operates as a persistent and influential mode of policy-making for all partners, cognitively framing the “problem” of extremism in cyberspace and underpinning significant technical and strategic collaboration.

This chapter focuses on Canada's law enforcement approach to countering terrorism and, in particular, the prosecution of terrorist-related or terrorist-associated non-violent activities (precursor offences). The threat from right wing and jihadist-inspired homegrown violent extremism, especially from lone actors seemingly disconnected from hierarchical organizations, has reinforced the need for preventative counterterrorism measures, one component of which is a law enforcement response. Canada also utilizes non-legislative measures to support and prevent individuals from becoming radicalized and involved in violent extremism, but there is also a determination to denounce and deter those already radicalized from engaging whether online or offline in activities which advocate, facilitate, finance and support terrorist acts including the recruitment of vulnerable individuals.

The main aim of terrorists is to spread fear and panic in society. This has been facilitated by widespread use of the Internet and communications technologies. Social media is considered to be one of the most prominent platforms that can be used to effectively shape public opinion in order to reach desired outcomes. Terrorist organisations have always been aware of this fact, and have utilised cyberspace not only for propaganda and the promotion of their own narratives, but for a wide range of purposes, including recruitment, secret communication, and financial transactions. From the initial terror attacks that put ISIS in the spotlight, the terrorist organisation has efficiently been making use of the unique features of this technology, both actively and passively. In addition to the uses listed above, ISIS supporters have conducted cyber-attacks on crucial targets, differentiating themselves from other violent extremists, and pushing those countries fighting against ISIS to generate a specific cyber-strategy which has become an integral part of the “war on terror”. This chapter sets out to examine the cyberspace activities of ISIS, with a particular focus on the Paris attacks of 2015 and the subsequent Western responses. The aim is twofold: firstly, to provide an insight into terrorist use of cyberspace, with specific examples of the ways that ISIS militants and supporters exploit a wide array of methods and tools with the aim of sustaining legitimacy and operational security; secondly, this paper analyses Western responses to ISIS activities in cyberspace with an emphasis on the role of technology companies in disrupting and destructing the terrorist organisation's cyber-operations. The discussion concludes with a consideration of the partnership possibilities between nation-states and technology companies, which, in the aftermath of the Snowden leaks, come at a time when trust between the two entities has been deeply shaken.

Recent terrorist attacks in Europe have drawn further attention to the question of why it is that mostly young people are attracted by radical ideologies and, in particular, the role social media plays in processes of radicalisation. As radical groups increasingly use social media to lure individuals into violent extremism and terrorism, this chapter addresses the different aspects of the role of social media in radicalisation processes. Social media can also be used as a tool to prevent radicalisation and violent extremism however. The same methodologies of persuasion may, it is argued herein, be valid for radicalisation, anti-radicalisation, and de-radicalisation purposes also.

This paper explores the lessons that can be learned from past communication experiences to aid Counter-Terrorism Strategic Communications (CTSC) campaigns targeting the current propaganda threat from so-called “Islamic State” (IS). It will do this by highlighting four lessons from the past from two different areas of communication practice – the history of propaganda and political communication – that are relevant for the current information war against IS. These are i) the need for multiple mediums of communication, ii) the say-do-gap, iii) defensive and offensive messaging, and, finally, iv) market research and targeting.